PEBKAC Still Plagues PC Security

Billosaur writes "ARS Technica is reporting on a study release by McAfee and the National Cyber Security Alliance (as part of the beginning of National Cyber Security Awareness Month) that suggests when it comes to PC security, the problem between the keyboard and the chair is even worse. PEBKAC has always been a problem, but the study highlights just how prevalent it has become. 87 percent of the users contacted said they used anti-virus software, while 70 percent use anti-spyware software. Fewer (64 percent) reported having their firewalls turned on, and only 27 percent use software designed to stop phishing attempts. Researchers were allowed to scan the computers of a subset of the users, and while 70 percent claimed to be using anti-spyware software, only 55 percent of the machines of those users scanned showed evidence of the software."

And the solution is...

[It+doesn't+come+easy]

I use Avast free home edition anti-virus program and that's it. No firewall (and I turn off the "firewall" that comes with XP) and no anti-spyware programs. And in more than 3 years I have had zero malware of any sort on my computers running XP.

The secret of my success is that I also don't use Internet Explorer (except for the Windows Update website, cause Microsoft makes me). That one step protects me from >95% of the malware. The other 5% is handled by Avast and Firefox. And I don't download and install "free" programs and games.

Boycott Internet Explorer (and all of the loss of security, privacy, and control of your own computer that goes with it), use Firefox and a good anti-virus program, and don't do stupid things on the net and you're golden.

Re:Are you sure?

[garcia]

That you know of. A lot of zombie-related malware is intended to be very stealthy.

They aren't stealthy enough to go through a logged firewall w/o being missed. IMHO, that's the best defense to any network -- paying attention to what the fuck is going on with your connection.

My Theory: XP can work, but not with kids

[spagetti_code]

Similar here, but I've run XP, *no* AV, *no* anti-spyware etc for 4 years. I do have a firewall/wireless hub for the house. I browse with Firefox only, and thats kept up to date and has Adblock and NoScript. My mail is scanned (although quite a few nasties sneak through).

My wife is computer illiterate, but she knows she's only supposed to open a small set of attachments and sees me about the rest. She knows not to open anything she doesn't recognize.

4 years, no viruses/spyware etc. I've tried a couple of those online scans and they came up clean.

However, now the kids are starting to use the PC.... I've switched to Ubuntu. I not convinced I can set up an XP machine that can't be infected by them.

That switch was a *major* pain. Switching MSmoney to gnucash, losing Photoshop, copying outlook mail history to evolution, loss of PDA syncing, blah blah blah.

Re:Are you sure?

[suv4x4]

Seriously, its become standard to retort to claims of malware free with Windows with "Nuh uh! You probably just don't know you have it!" which is stupid if only for the reason that such a claim isn't reasonably falsifiable.

It may be stupid but it's not wrong. I'm a developer and the kind of guy who sets his firewall as limited as possible, has anti-virus on, doesn't download "Free Smileys!!!" software, and in fact I'm very careful about doing things on my computer that may affect my security.

I thought I was clean, I looked clean, and the PC worked like clean. Until one day I the anti-virus detected a popular keylogger installed on my system (4 years ago). That was on top of that during a full-drive scan, not resident alert, who knows for how long was this thing running, and where it came from.

Bottom line is, the infection status isn't something easy to assess, especially if you're not very experienced in the area and especially if you consider that you're virus free by default.

The only way to not push your luck is know what you're doing, and turning your firewall off deliberately is equivalent to not knowing what you're doing.

If you ask me now, since I wiped my disk twice, and changed all my passwords and reinstalled everything since, am I virus free? I'll tell you yes.. but I'll NEVER be 100% sure in my answer, since I could easily be wrong.

It's not different on a Linux server by the way, so this is not a Windows vs Linux argument AT ALL.

Re:Are you sure?

[Architect_sasyr]

The tripwire installation (cold boot checking), Snort console and usage graphs say that my FreeBSD box hasn't been infected since it was installed.

There is one possibility, and that is there was code slipped into the repository prior to the 6.2-RELEASE CD's being created (verified the sum of the CD's when I got them) which could be rooting my box. I don't have the time to be doing (is it Orange book?) procedures that will ensure this doesn't happen. I'm with Rycross, there are so many ways to be infected that saying your not is just setting yourself up for a fall.

Re:it is not a user fault

[big_paul76]

Here here.

In WWII, they had frequent aircraft crashes caused by pilots landing with the gear up.

They consistently attributed these accidents to "pilot error".

Then somebody took a look at the design of the cockpit, and realized that it wasn't designed in a way that would make it immediately obvious to a pilot whether or not the gear was up or down. When the cockpit was re-designed, the high rate of 'gear up' landings evaporated.

In other words, the designers were blaming the users for a design flaw. Happens all the time in the software industry these days.

I'm not saying that PEBKAC errors don't happen, or that idiots don't do stupid things. But I suspect that a large slice of the cases we classify as "user error" should really be called design error.